CVE-2026-34486
DOCUMENTATION: A flaw was found in Apache Tomcat. This vulnerability, categorized as Missing Encryption of Sensitive Data, arises from a bypass in the EncryptInterceptor, a component designed to ensure data encryption. The bypass was introduced by the fix for CVE-2026-29146 and allows sensitive data to remain unencrypted, potentially leading to information disclosure.
STATEMENT: This is an Important flaw in Apache Tomcat where a bypass in the EncryptInterceptor allows sensitive data to remain unencrypted. This could lead to information disclosure in Red Hat Enterprise Linux and Red Hat JBoss Web Server environments utilizing affected versions of Apache Tomcat.
MITIGATION: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
References
https://access.redhat.com/security/cve/CVE-2026-34486
